Adobe AIR for Mac <= 3.9.0.1380 Multiple Vulnerabilities (APSB14-02)
According to its version, the instance of Adobe AIR on the remote Mac OS X host is 3.9.0.1380 or earlier. It is, therefore, reportedly affected by the following vulnerabilities: - An unspecified vulnerability exists that can be used to bypass Flash Player security protections. (CVE-2014-0491) - An...
MS13-106: Farewell to another ASLR bypass
Today we released MS13-106, which resolves a security feature bypass that can allow attackers to circumvent Address Space Layout Randomization (ASLR) using a specific DLL library (HXDS.DLL) provided as part of Microsoft Office 2007 and 2010. The existence of an ASLR bypass does not directly enable the...
ASLR bypass techniques are popular with APT attacks
Address space layout randomization (ASLR) is a security technique that helps protect against buffer overflow attacks. Many recent Advanced Persistent Threat (APT) attacks have used a variety of ASLR bypass techniques during the past year, according to researchers at FireEye. Many exploits and...
GLSA-201309-23 : Mozilla Products: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201309-23 (Mozilla Products: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact: A remote...
Internet Explorer zero-day exploit used watering hole attacks to target Japanese users
Attackers exploited a zero-day vulnerability (CVE-2013-3893) in Microsoft’s Internet Explorer browser, serving the exploit from compromised popular Japanese news websites. According to FireEye, at least three major Japanese media websites were compromised in watering hole attacks, dubbed Operation...
Amazon Linux AMI : python26 (ALAS-2012-98)
A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array...
Amazon Linux AMI : expat (ALAS-2012-89)
A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially crafted XML file that triggers multiple hash function collisions. To mitigate this...
BIND Vulnerability Enables DNS Cache Poisoning Attack
A vulnerability in the BIND Domain Name System (DNS) software could give an attacker the ability to easily and reliably control queried name servers chosen by the most widely deployed DNS software on the Internet, according to new research presented at the Woot Conference in Washington D.C. today...
Mitigating the LdrHotPatchRoutine DEP/ASLR bypass with MS13-063
Today we released MS13-063, which includes a defense-in-depth change to address an exploitation technique that could be used to bypass two important platform mitigations: Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP). As we’ve described in the past, these mitigations pl...
Kernel: sa_restorer information leak
The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call...
Oracle Linux 5 : kernel (ELSA-2013-1034-1)
From Red Hat Security Advisory 2013:1034: Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS)...
Oracle Linux 5 : dnsmasq (ELSA-2008-0789)
The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2008-0789 advisory. - fixes for CVE-2008-1447/CERT VU800113 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...
Oracle Linux 6 : python (ELSA-2012-0744)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-0744 advisory. - if hash randomization is enabled, also enable it within pyexpat Resolves: CVE-2012-0876 - distutils.config: create /.pypirc securely Resolves:...
Oracle Linux 5 : kernel (ELSA-2013-0168)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-0168 advisory. - x86 mm: randomize SHLIBBASE Petr Matousek 804953 804954 CVE-2012-1568 - net ipv6: discard overlapping fragment Jiri Pirko 874837 874838 CVE-2012-4444...
Oracle Linux 5 / 6 : libxml2 (ELSA-2012-1288)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-1288 advisory. - Change the XPath code to percolate allocation error CVE-2011-1944 - Fix an off by one pointer access CVE-2011-3102 - adds randomization to hash a...
RHEL 5 : kernel (RHSA-2013:1034)
Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
CentOS 5 : kernel (CESA-2011:0833)
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...
CVE-2013-3951
sys/openbsd/stackprotector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the...
Path traversal
sys/openbsd/stackprotector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the...